The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not properly handle Heartbeat Extension packets, which allows remote attackers to obtain sensitive information from process memory via crafted packets that trigger a buffer over-read, as demonstrated by reading private keys, related to d1_both.c and t1_lib.c, aka the Heartbleed bug.
The product reads data past the end, or before the beginning, of the intended buffer.
https://cwe.mitre.org/data/definitions/125.html

The product parses a formatted message or structure, but it does not handle or incorrectly handles a length field that is inconsistent with the actual length of the associated data.
https://cwe.mitre.org/data/definitions/130.html

In this attack, the target software is given input that the adversary knows will be modified and expanded in size during processing. This attack relies on the target software failing to anticipate that the expanded data may exceed some internal limit, thereby creating a buffer overflow.
https://capec.mitre.org/data/definitions/47.html

An adversary attacks a target by providing input that causes an application to read beyond the boundary of a defined buffer. This typically occurs when a value influencing where to start or stop reading is set to reflect positions outside of the valid memory location of the buffer. This type of attack may result in exposure of sensitive information, a system crash, or arbitrary code execution.
https://capec.mitre.org/data/definitions/540.html

| Product | Vendor | Status |
|---|---|---|
| openssl | | Exploited |
| openssl | | Exploited |
| openssl | | Exploited |
| openssl | | Exploited |
| rhev-hypervisor6 | | Exploited |
| rhev-hypervisor6 | | Exploited |
| spice-client-msi | | Exploited |
| application_processing_engine_firmware | * | Exploited |
| cp_1543-1_firmware | * | Exploited |
| debian_linux | * | Exploited |
| elan-8.2 | * | Exploited |
| enterprise_linux_desktop | * | Exploited |
| enterprise_linux_server | * | Exploited |
| enterprise_linux_server_aus | * | Exploited |
| enterprise_linux_server_eus | * | Exploited |
| enterprise_linux_server_tus | * | Exploited |
| enterprise_linux_workstation | * | Exploited |
| fedora | * | Exploited |
| filezilla_server | * | Exploited |
| gluster_storage | * | Exploited |